IPv6 intro creates spam-filtering nightmare

Blacklist extinction looms

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 10^38 addresses compared to the paltry 4.3 billion (4.3 x 10^9) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one key component in a multi-stage junk mail filtering process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them – a process known as IP blacklisting," explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this."

Other security technologies also track IP addresses for various purposes, including filtering out sources of denial of service attacks, click fraud and search engine manipulation. Tracking a vastly expanded IP address space will make life much harder for network defenders, Paton warns.

"As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email," he said.

The information security industry and ISPs need to collaborate on resolving the problem so that inboxes are not flooded with more junk mail thanks to the introduction of the new internet-address protocol. In the meantime, Cloudmark suggests interim restrictions might need to be applied to preserve existing systems.

"Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound)," Paton explained. "This would ensure business continuity for ISPs and provisioning of ADSL/Cable modems to continue. This measure will also protect the IPv4 reputation system that is currently in use and working well."

Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs), confirmed that other security firms are also considering whether to apply tougher controls on mail from IPv6 networks. "It [IPv6] is definitely a real area of concern in the anti-spam community, and opinion varies on whether businesses should accept mail on IPv6 or not for this reason," Wood told El Reg. "I'm of the opinion that at least for the moment they shouldn't, unless the connections are from a trusted source."
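
The interim policy Paton and Wood describe, together with Paton's point about single-use addresses, as an added example (not code from the article, Cloudmark or Symantec). All addresses are constructed from documentation ranges, and the trusted prefix is an assumption standing in for an ISP's own customers.

```python
import ipaddress

# Constructed sample data from documentation ranges, not real reputation data.
IPV4_BLACKLIST = {ipaddress.ip_address("192.0.2.25")}
# Assumption: this prefix stands in for the ISP's own customers / trusted sources.
TRUSTED_V6_PREFIXES = [ipaddress.ip_network("2001:db8:c0de::/48")]


def accept_connection(peer):
    """Return (accepted, reason) for a connecting mail peer."""
    addr = ipaddress.ip_address(peer)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is still an IPv4 sender,
    # so it must be judged by the IPv4 reputation data.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        if addr in IPV4_BLACKLIST:
            return False, "ipv4 blacklisted"
        return True, "ipv4 not listed"
    if any(addr in net for net in TRUSTED_V6_PREFIXES):
        return True, "ipv6 trusted prefix"
    return False, "ipv6 untrusted source"


def rotating_senders(prefix, count):
    """Constructed sender list: `count` distinct addresses, each used once."""
    net = ipaddress.ip_network(prefix)
    return [str(net[i]) for i in range(1, count + 1)]


def blacklist_hits(senders):
    """Count messages a learn-as-you-go per-address blacklist would block."""
    seen, hits = set(), 0
    for peer in senders:
        addr = ipaddress.ip_address(peer)
        if addr in seen:
            hits += 1        # address already known bad: blocked
        else:
            seen.add(addr)   # first sighting: delivered, then listed
    return hits


if __name__ == "__main__":
    for peer in ("192.0.2.25", "::ffff:192.0.2.25", "2001:db8:c0de::1", "2001:db8:bad::1"):
        print(peer, accept_connection(peer))
    print("repeat IPv4 sender:", blacklist_hits(["192.0.2.25"] * 5), "of 5 blocked")
    print("rotating IPv6 sender:", blacklist_hits(rotating_senders("2001:db8:bad::/64", 1000)), "of 1000 blocked")
```

The per-address list blocks every repeat from the IPv4 sender but none of the 1,000 single-use IPv6 addresses, which is why the policy function refuses untrusted IPv6 outright rather than relying on a list.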

Email is a two-way communication protocol (unlike web browsing), so legitimate IPv6 mail servers, outside of academia and testing environments, will need to support IPv4 for some years. "Relatively speaking, there are very few real mail servers in the world, so the starvation of IPv4 will not affect them much because there will for a very long time be a resale market in the IPv4 address space," Wood added.

Wood told El Reg that although the move to IPv6 is a bit of a headache for spam-filtering, it might also make life harder for hackers hoping to take advantage of open relays to distribute spam or mount other types of security attacks.

"While the arrival of IPv6 is likely to eliminate the usefulness of traditional IP-based blacklists, it is also likely to reduce the issues that arise from port-scanning of open relays and other vulnerabilities," Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad guys' perspective – the returns will diminish over time." ®

* Although the last big blocks of IPv4 address space were allocated last month, there is plenty of assigned but unused space, estimated to be as high as 50 per cent by some experts. That means the resale market for IPv4 addresses is likely to last several years, at minimum.
